Improper RFC Protocol Validation in SAP Kernel Affects SAP NetWeaver and ABAP Platform
CVE-2026-27671
9.8CRITICAL
What is CVE-2026-27671?
The SAP Kernel used in the Application Server ABAP of SAP NetWeaver and ABAP Platform has a vulnerability due to improper validation of RFC protocols. An unauthenticated attacker could exploit this flaw by sending specially crafted RFC requests that trigger logical errors within memory management. This exploitation can result in memory corruption, potentially compromising the confidentiality, integrity, and availability of the affected application. It is crucial for SAP users to apply the necessary patches to mitigate this risk.
Affected Version(s)
SAP NetWeaver AS ABAP and ABAP Platform KRNL64NUC 7.22
SAP NetWeaver AS ABAP and ABAP Platform 7.22EXT
SAP NetWeaver AS ABAP and ABAP Platform KRNL64UC 7.22